Security Vulnerabilities - CVEs Published In 2018
RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2018-11-10
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-11-09
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage.
CVSS Score: 8.1; EPSS Score: 0.004; Published: 2018-11-09
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2018-11-09
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2018-11-09
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
CVSS Score: 5.5; EPSS Score: 0.004; Published: 2018-11-09
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.
CVSS Score: 5.3; EPSS Score: 0.0; Published: 2018-11-09
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
CVSS Score: 6.1; EPSS Score: 0.022; Published: 2018-11-09
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
CVSS Score: 6.1; EPSS Score: 0.017; Published: 2018-11-09
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-11-09